Slashdot Mirror
AppleCare Reps Told To Skirt Malware Questions
Dominare writes with this bit from ZDnet: "'A confidential internal Apple document tells the company's front-line support people how to handle customers who call about malware infections: Don't confirm or deny that an infection exists, and whatever you do, don't try to remove it.' So basically, now that Macs have their own equivalent to XP Antivirus the best you can hope for is to be pointed at the store where you can buy something that may or may not fix your problem ... nice."
apple buries their heads in the sand just like most of their computer users....
If you think Apple software is inherently secure, read up on some of the past Pwn2Own contests.
Don't kid yourself - the only reason OS X doesn't have much malware (yet) is that Windows is used by far more people and is therefore a juicier target.
oh just you wait.
if you use Windows you get infected just by connecting to the internet. I've never had such experience with my Mac.
I've never had such experience with my Windows box nor have millions of other Windows users. If they did, they would leave Windows by the millions a day looking to either OSX or word of Linux would spread like wildfire (like Facebook did for millions of people).
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
To be fair, I have never had any malware with OSX and I'm certain I will not. OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers. I feel safe with OSX and have no need for antivirus. If you give our your root password to a random program, well, you're stupid. But if you use Windows you get infected just by connecting to the internet. I've never had such experience with my Mac.
It's a new thing for Apple. They haven't had to deal with this much at all before, and a lot less than in the Mac OS 9 days and before. So there's some growing pains while they get their procedures worked out.
Meanwhile, if you get a rootkit or malware on Linux, well, you'll get a lot less support than Apple is giving right now, unless you have a contract with Red hat or someone ... and maybe not even then. So it's not like this kind of support is easy to provide by default.
Remember that EULA what you got with your software? Software provided "AS-IS"? The GPL has that clause, too. It's the state of the industry. It's not an easy problem to deal with, like unplugged power cords or using the wrong mouse button.
To be fair, I have never had any malware with OSX and I'm certain I will not..
Welcome to relevant market share.
We Linux guys got the problems long enough, i also had to reinstall a VM because i forgot to change a default password.
You think XServe is dead because it was better?
I've never had such experience with my Windows box nor have millions of other Windows users.
Weird. I remember a co-worker doing a clean install of Windows XP on a PC a few years ago and it had been remotely infected by a worm before it even managed to install all the security updates from Windows Update.
And yes, giving it an unfirewalled network connection was probably a bad idea.
From the article: "Microsoft provides free telephone support for security issues to all customers, regardless of whether the software was purchased at retail or as part of a new PC. Microsoft Support Article 129972 (last updated May 17, 2011) contains these instructions:"
Everyone that disagrees with me is a paid shill
Certainly the best way to deal with a problem is to deny that it exists altogether. I guess so long as people have faith that a mac is somehow immune (be it to actual virii or user error induced malware installs), and they keep selling, that's all that matters.
Steve must have been taking lessons from some govn't agencies.
Sent from my PDP-11
Microsoft Malicious Software Removal Tool? Microsoft Security Essentials?
To be fair, poorly configured linux servers are pwned all the time.
But if you use Windows you get infected just by connecting to the internet.
What utter nonsense. Any version of Windows from XP SP2 onwards has a built in firewall. For earlier versions of Windows a program like ZoneAlarm will do an exceptionally good job (arguably better than the built in Windows Firewall, depending upon what you want). Modern browsers have anti-phishing and anti-malware stuff built in. You have to go out of your way to get infected these days.
Since I started using Windows in 1994 (after being an ignorant Unix using Windows hater) I have not had one virus/trojan/rootkit infection. Not one, in 17 years. Sure if you go to the wrong sites and download the wrong stuff, or download stuff you know has been hacked/cracked/pirated then you open yourself up to problems (as my brother in law did and ruined his PC, but that was his own fault, nothing to do with connecting to the internet, everything to do with his behaviour).
I still use Linux and Windows. Both are great. I don't use a Mac as I don't see the point paying a huge premium to have incompatible hardware that performs no better than a decent x86 PC that can run Windows or Linux.
That's irrelevant. The only reason a Windows computer get malware on it is because the user does something stupid. The number of stupid users doesn't make the product itself inherently infected with malware.
Supporter of the +1 Over Dramatic mod option. In memory of apk.
Yeah, for a while now.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
Apple declares: Fuck it, we're evil
"But our stuff is sooo good. You’ll keep taking our abuse. You love it, you worm. Because our stuff is great. It’s shiny and it’s pretty and it’s cool and it works. It’s not like you’ll go back to a Windows Mobile phone. Ha! Ha!"
http://rocknerd.co.uk
OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers.
Security by association? Many windows holes aren't a direct attack on the kernel either. Most expose vulnerabilities in network services or commonly used apps. If you think that OSX is immune from infection due to some mystic link to an OS written by bearded folk you're delusional. Every programmer at some point leaves a bug that could be exploited in a network attached program. Even programs like OpenSSH (with your precious BSD heritage) have had their fair share of vulnerabilities in the past.
Malware is a money making industry. If it becomes profitable to attack OSX, and if OSX becomes common enough to allow viruses to spread (if a certain percentage of a population is immune viruses are often prevented from spreading) you can kiss you sweet security by link to bearded men goodbye, as well as security by lack of motivation.
Heck there was a denial of service attack that could be performed on Windows as a result of the Bonjour service. What is Bonjour service? Something written by Apple installed with iTunes.
I hear that Sony has some "recently available" security engineers, maybe Apple should hire them to work the phones.
Shouldn't front-line support people actually know if it's actual bad malware or not? If it is, this is remarkably stupid to neither confirm nor deny that it even exists. That seems like it came from marketing, not tech support. sigh.
Enough said, although the internal memo from Apple smacks of "cover our ass" legal hot footing - they pretty much say "go look this up on the internet", which is not a great response, although this isn't actually a public response. No doubt there will be something forthcoming soon.
AppleCare techs *have* responded to people about how to remove it, although I guess that's not policy now, although given that it's still "an issue in progress" I expect these are temporary policies while they hammer something out - like a malware tool, or some specific legal thing. No doubt it will be trotted out every time a security issue comes up, along with the trolls saying things like "it takes years for apple to respond to any security vulnerability" (+5 insightful). mmm. Tasty truthiness!
To be fair, I have never had any malware with OSX and I'm certain I will not. OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers. I feel safe with OSX and have no need for antivirus. If you give our your root password to a random program, well, you're stupid. But if you use Windows you get infected just by connecting to the internet. I've never had such experience with my Mac.
...and the Steve was God, amen.
Like connect to the internet without first spending some money on one or more anti-virus packages? Windows is the only current OS which connects to the internet with its legs wide open.
Every Windows OS since XP SP2 has had the Firewall built in and turned on by default.... Nice try though
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
Yep, people seem to forget how much "Hackers looooooooooooooooove noodles". http://en.wikipedia.org/wiki/Ramen_worm
Code softly but carry a big magnet.
All you have to do is go into Safe Mode. http://support.apple.com/kb/HT1455 Then go into the Applications Folder > Choose MacDefender.app > Move to Trash. (in Safe Mode) Reboot normally and reset Safari.
Avant? Antivir? If you don't know what you're talking about, it's probably best to say nothing at all.
I'll never understand why people like you spread so much FUD. I mean if you don't like Windows - don't use it. Why make stuff up? And if you make stuff up at least make it logical.
Seriously, if you knew how many websites were running on un-patched Fedora Core 1 installs you'd shit your pants. And the thing is, they don't usually make the news because the 'sysadmins' (often web developers who know just enough to be dangerous) have no idea their boxen have been rooted.
hey, this is a web page claiming that your infected, click ok!!
umm, you clicked cancel, you really want to click ok, ok??
you know, it doesn't matter which button you push, both result
in the continuation of this racter like discussion.
wow, you clicked ok, wait while I install some software to 'help' you.
oh, while installing I noticed that I will need your password to continue....
wow, you gave me your password, can you google pwn3d ?
works on PC, works on Mac, likely works on every other modern OS.
this isn't an exploit via bug, its an exploit via user, if you drop your pants in front of a glory hole......
that said Apple isn't really helping by avoiding the topic.
Unix, an obscure operating system developed by bored researchers in an attempt to get a better game playing experience.
He's referring to XP Service Pack 1 and before, and most likely the blaster worm. Before MS got their crap together. Real techies know to stay away from any new OS until the second major round of patches come through. That applies equally to Windows and OSX.
Apple employees are directed to not help you fix a problem with a bad application you chose to install AND chose to give root privs to.
And ... ?
And you actually click on a link, and it goes to a page featuring HP/Toshiba/Samsung/Sony laptops (and Asus netbooks)
Which is funny, because the last install of OS X I did (10.6.7, I think) didn't have it's firewall turned on out-of-box. If you connect your machine -- doesn't matter the OS -- without some form of hardware or software firewall to the internet, you're asking for trouble.
They gave me a free GigE card (at their suggestion) when I had problems with the built in ethernet on the logic board on a Powermac G5 and didn't have the time to take it in for repair because it was an edit machine.
They replaced my brother's iBook, 3 days out of warranty, because it was close to the expiry date and it was unfortunate.
They shipped a fresh set of Universal Binary Final Cut Studio disks to me for postage cost when the Intel switch came about, so we wouldn't have to buy the newer version of the suite to be able to run it natively.
Oh I'm sure I have a few more.
They also do "Macs form [sic] dummies" for those who yank their power cord from the wall socket by the cable and wonder why it frays and catches fire, or who throw their laptop in a bag with no case and wonder why the surface gets all scratched and so on.
They also deal with regular people who have hardware and software problems.
I've never had such experience with my Windows box nor have millions of other Windows users.
Weird. I remember a co-worker doing a clean install of Windows XP on a PC a few years ago and it had been remotely infected by a worm before it even managed to install all the security updates from Windows Update.
And yes, giving it an unfirewalled network connection was probably a bad idea.
The final straw for me was the nice Microsoft support person (in India, from the accent) telling me that I'd have to disable my firewall in order to install XP SP1. This was despite me telling her that my cable link was getting several intrusion attempts per second (bad route requests, login attempts, etc.), and I doubted that an unprotected Windows could survive the hour or so that the upgrade would take. AFAIR this was back in 2003-ish, in response to my email complaints that the XP SP1 install failed on my laptop with rather unhelpful messages.
Instead of installing XP SP1, I installed SuSE linux, which later got supplanted by Warty Warthog.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
I was waiting for MS to release such malware. Initially, I was surprised that it took so long, but it had to get to 3.0 before being adopted.
And Linux's dominant market share in the server space means that it's an even juicier target. Which is why you hear about so many pwnt Linux boxes on the web.
Sure, see for example how Sony got their PSN servers rooted and cored. Serves them right for running Windows in the server space. Now if only they had run an inherently safe OS, like Linux...
OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers.
Security by association? Many windows holes aren't a direct attack on the kernel either. Most expose vulnerabilities in network services or commonly used apps..
Among those: Norton's Antivirus.
Welcome to our world. I agree that the OP is spreading Windows FUD like it's going out of style, but I guess you just got a taste for what it;s like to be a Mac/iOS user for a few minutes on slashdot. You just have to roll with it - some people just get set in a "xxx sucks/is evil!" mindset and you can't really argue with it.
FTR, I am ambivalent about other people's operating system choice: use what works for you. I do find though, that I have to defend my own choice of OS far more often than I ever give a negative opinion of any other OS out there, especially on slashdot. It does get wearisome.
to be fair, linux isnt sold to soccer moms in mass
I agree. If you read the memo, installation of the "malware" requires authorization from the user. If you choose to do that, the OS vendors hands are clean. Apple isn't responsible for removing software you installed.
Give me Classic Slashdot or give me death!
You are correct, the OS X software firewall is off by default, and it should be on. However, it is mitigated somewhat because all the remote services (file sharing, ftp, ssh, remote login etc) are all off by default. This doesn't excuse the lack of default on, however.
Most malware relies on stupid users clicking on, surfing to, and installing crap, something that generally doesn't happen on a modern server of any OS unless the admin is an idiot.
The crux of the current problem is a setting in Safari that allows the computer to open"safe" documents automatically. The issue with that checkbox has been known for over a year and its one of the things I remember to do is to uncheck it (as it has been defaulted to checked, open those documents.)
Apple could have done an update to uncheck that box, or better yet remove the feature, but it sadly remained and now they are going to have to pay for thier ignorance of the issue.
"Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
Little know that OS X comes wit built in virus protect with the Xprotect.plist... Not advertised because Apple want to keep the impression that Mac's don't get infected.
||| I still can't believe Parkay's not butter.
And if you RTFA, you'll find that Apple and MS do the same damned thing: Tell the user to get some antimalware software to get it out.
All sold by Microsoft.
Its like when you buy office software from an Apple Store and they showing you Microsoft Office. They didn't program it, but they will happily sell it to you, thus the the Apple store does sell office programs. And games, music, movies on iTunes but they didn't make any of them.
Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
Like connect to the internet without first spending some money on one or more anti-virus packages?
You're obviously doing it wrong, if you're getting viruses or malware by simply connecting to the internet then you're an idiot.
The problem is Apple is NOT an OS maker, they are a system maker. In particular they make a unified system where they do it all. If you talk to a Mac head this is one of the things they talk about being so great, that Apple creates a "unified experience" and supports everything. They push the model of "Just bring it to the Mac store," as how you handle support and all that.
Fine but that means that you are going to get questions about malware and the like. They can't play it off with "But MS doesn't help!" They are selling the "We are the company that takes care of you and makes everything," they get to deal with the support calls.
Also, MS DOES in fact help with that shit. If nothing else they publish the malicious software removal tool (which Windows get automatically) and make Microsoft Security Essentials available for free. While they don't do everything, they do provide free tools to help.
To be fair, I have never had any malware with OSX and I'm certain I will not. OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers. I feel safe with OSX and have no need for antivirus. If you give our your root password to a random program, well, you're stupid. But if you use Windows you get infected just by connecting to the internet. I've never had such experience with my Mac.
This is the problem Apple is going to have when it gains a respectable marketshare, the masses seem to think OSX is magically safe from viruses and malware, when in actuality it's just too tiny of a target.
Are you reading the article on Zdnet, because that is the opposite of what it says. It says that Microsoft wants you to install antimalware software BEFORE you call them. " 1.Before you contact a support engineer, make sure that you run updated antivirus software and updated spyware removal software on the infected computer.For more information about how to obtain a free computer safety scan, visit the following Microsoft Web site: http://www.microsoft.com/security/scanner/(http://www.microsoft.com/security/scanner/) For more information about antispyware software, visit the following Microsoft Web site:http://www.microsoft.com/protect/computer/spyware/as.mspx(http://www.microsoft.com/protect/computer/spyware/as.mspx) 2.Call 1-866-PCSAFETY or call 1-866-727-2338 to contact security support."
The headline implies Apple is skirting questions about the existence of malware. This is not true. They are telling their support people they must not confirm or deny that the callers particular machine is infected, because they don't do antivirus malware cleaning support, (Neither does MS).
(If at first you don't succeed, do it different next time!)
I don't see a problem. I'm guessing the vast majority of infections aren't the fault of the OS or hardware. So why should Apple be on the hook to repair some guy's machine who infected himself by running a porn dialer or some app he grabbed off a torrent site?
No... I've seen windows systems compromised by the MS antivirus scareware on non-administrative accounts, where the users did not ever install a single piece of software... the only thing they used the internet for was surfing the web, checking facebook, and reading email. At no point were the users cautioned that a program was going to be installed on the computer.
File under 'M' for 'Manic ranting'
Apple's CS by itself, is a big sell in its favor. Bought a Mac, bad RAM... they did a machine exchange on the spot. iPhone had some bad flash storage... 10 minutes, the SIM card was swapped and I was good to go with a replacement unit.
For nontechnical people, being able to call one number for a problem, be it hardware, OS, or even the app makes the Apple Tax worth it, especially if they make their living from the computer.
PC makers also offer good support, but you have to buy their business line of machines (Precisions, Optiplexes), and their top tier support contracts. This is the par for companies, but for individuals, Apple has the best CS for the large computer makers.
The reason Sony got bent over backwards was they were running out-dated, unpatched apache web servers with no firewall, not really because of the OS they were using.
Even programs like OpenSSH (with your precious BSD heritage) have had their fair share of vulnerabilities in the past.
Clue me in, what is the "fair share" for a program such as OpenSSH? A zero-day on OpenSSH is the rough equivalent of raising the Libyan flag at the center of the Pentagon.
I can't stand the thinking that buffer overflows are a fact of life. Only if you believe that shoddy workmanship is a fact of life. Subtle edge cases in a tricky protocol account for maybe 1% of the buffer overflows out there. The majority are copy first, ask questions later. There are plenty of these people out there programming computers; very few of these people are accepted into med school. The root cause of most buffer overflows in commercially important applications with large, well-resourced development teams is the network effect. There's a hideous pressure to be first, rather than right, or solid and tight.
Imagine if PC Magazine back in the fat 1980s had a penetration testing department that stamped "did not qualify" on every beta software product tested where any serious failure mode was tripped. But no, if the software could do one important function correctly 10% faster than the next piece of software (by hook or by crook), it was stamped "editor's choice".
In sports forums where there is serious discussion about prospects, this is ridiculed as "saw him good". There's always a contingent out there drooling over the next hockey jesus with the flashy stick move who leaks the puck in his own end ten times per shift, and wailing with incomprehension over why the professional hockey minds have his ass stapled to the bench or racking up demotion miles to a lower league.
The only difference is that in software, your pimply hockey jesus is referred to as the next "killer app". A certain type of consumer is busy drooling over the 30 second highlight reel without any real concern over whether the kid is willing to learn how to play a two-way game for sixty minutes.
Moral of the story: you get what you drool over.
Apple is trying to protect themselves from becoming a helpdesk, which is something they are not. They are very clear about this. The Genius Bar is also, very clear about this. They are not a help desk, and in advanced cases support comes at a price. Just as apple is not on the other side of the phone to teach you what each keyboard shortcut does, they're not there to fix every little computer problem you have. You can't call apple if you delete a photo, and all the same you can't call apple if you clicked a link and had your system violated.
The major problem is that we now have to recognize exactly what this means. This does not mean that the mac is more or less vulnerable, because it's not - it is exactly as vulnerable as it was before. The problem is that as the total users of Apple computers grows, the ratio of of (minority) secure users to (majority) vulnerable users grows in distance. As the Apple becomes more popular, the chance of the user interacting with the system is likely to follow a malicious link, open a malicious email, or fall for a malicious ad, is greater; there is a higher chance that this user is the type of user interacting with the system, as these are the most common users on the internet.
This is a trend that was not witnessed with PCs, as by the time Malware became a heavy component of the PC/Internet world, PCs had penetrated every aspect of the general public. Mom and little brother would follow any link to their hearts content, would want to help the Nigerian Prince, and would feel obligated to save the Penguins of North Africa. Apple has now begun penetrating this market as well, and it can only be assumed that the same ignorance will also affect the Apple community.
You can secure a computer all you want, it's very difficult to keep most people from clicking the latest joke link and falling for any one of the thousands of ads they'll see in a 5 minute time period. The only perfect solution, is to not let them on the computer at all.
I do agree, a correctly configured and updated linux server is a great moving target, and a non-updated one that just sits there, is a marvelous broad side of a barn target.
A confidential internal Apple document
Speaking of security...
To be fair, I have never had any malware with OSX and I'm certain I will not. OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers.
To be fair, I have never had any malware with Windows and I'm certain I will not. All (read that again, "all") operating systems are vulnerable to malice, and all (once again, "all") operating systems can be made mostly impervious to malice. All it takes is a little proactive prevention. In a system like Linux, it's configuring your security and permission settings properly and modifying software settings so they're not running on default ports, etc. And keeping everything up to date at all times. On Windows where things aren't so customizable, you are usually best off behind a hardware and/or software firewall with realtime and scheduled-scan antivirus software running. On Macs you haven't really needed to worry much because Macs have never been a target for widespread malice. On all systems, user incompetence can completely outdo even the strongest security configurations because all you need to do is download miley_cyrus_real_nude_pic.jpg.exe, run it, enter your root password, and hit Allow Forever on every antivirus popup that opens.
As the Mac market share increases, Mac malware will become more and more widespread. Just you wait. The only reason they have the least viruses (note that they DON'T have NO viruses) is because the market share has been so small that Windows has been a much more profitable target.
Well if you count the cost of the OS, then yes, you did.
To be fair, I have never had any malware with OSX and I'm certain I will not. OSX by its roots (BSD) means it doesn't get the kind of malware that plagues all those M$ Windows computers.
To be fair, I have never had any malware with Windows and I'm certain I will not. All (read that again, "all") operating systems are vulnerable to malice, and all (once again, "all") operating systems can be made mostly impervious to malice. All it takes is a little proactive prevention. In a system like Linux, it's configuring your security and permission settings properly and modifying software settings so they're not running on default ports, etc. And keeping everything up to date at all times. On Windows where things aren't so customizable, you are usually best off behind a hardware and/or software firewall with realtime and scheduled-scan antivirus software running. On Macs you haven't really needed to worry much because Macs have never been a target for widespread malice. On all systems, user incompetence can completely outdo even the strongest security configurations because all you need to do is download miley_cyrus_real_nude_pic.jpg.exe, run it, enter your root password, and hit Allow Forever on every antivirus popup that opens.
As the Mac market share increases, Mac malware will become more and more widespread. Just you wait. The only reason they have the least viruses (note that they DON'T have NO viruses) is because the market share has been so small that Windows has been a much more profitable target.
I forgot to add that the above steps will mostly protect you from automated attacks. A dedicated, knowledgeable, and well-versed individual trying to manually break your box can probably do so given enough time and just one slip-up on the victim's part.
If you give our your root password to a random program, well, you're stupid.
Actually, you no longer have to give out the root password. The unix security model has long since been replaced on linux and OSX systems with a scheme that accepts your personal password, and "escalates" it to root permission. If you use the sudo(8) command, you may have noticed that it now asks for your password rather than root's, and that suffices to get root permission. This means that if you've given your own password to any of those popup windows that request it, you have given them "root" access to everything on your machine. Unless you have the source code and have compiled it yourself, you don't know what that program did with your password. You also don't know how many databases scattered around the Net also now contain your login id and password, allowing their owners to do the same any time they like.
Yes, this capability can be disabled. But this privilege escalation is enabled by default. Do you know how to disable it? (Without looking it up; be honest now. ;-) I've found that hardly any linux or OSX users can answer this when I ask them.
Really, the only remaining vestige of actual security on linux or OSX is the local custom of asking your permission to do something, rather than just using its cached copy of your password that you don't know about. But we can expect that software is being developed that, once it's tricked you into divulging your password, never asks for it again, but just uses it to get root permission thereafter. And note that none of this requires knowing your root password.
Of course, this is still somewhat more secure than the Windows scheme of doing "system" updates without asking permission, even if you've disabled automatic updates. MS has admitted that this feature has been in Windows since XP. So all it takes is greasing the right palms at MS to get access to this, and you can "upgrade" any part of a Windows box's "system" to include your code any time you can reach it from the Net.
Anyway, lest someone thing I'm kidding, I just opened my handy Macbook Pro, fired up a Terminal window, and typed:
gavving:/Users/jc: id
uid=501(jc) gid=20(staff) groups=20(staff),98(_lpadmin),81(_appserveradm),79(_appserverusr),80(admin),101(com.apple.sharepoint.group.1)
gavving:/Users/jc: sudo csh
Password:
gavving:/Users/jc: id
uid=0(root) gid=0(wheel) groups=0(wheel),1(daemon),2(kmem),8(procview),29(certusers),3(sys),9(procmod),4(tty),5(operator),80(admin),20(staff),101(com.apple.sharepoint.group.1) gavving:/Users/jc:
I typed my own password to the Password: prompt, not root's (and they're different). Note that I became root when I did this. This also works on my two linux boxes.
(Bonus points if you can name the SF novel that the machine's name came from ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
To be fair, soccer moms aren't putting up web servers.
You are welcome on my lawn.
I did, about eight years ago. I was performing my yearly reinstall of Windows and the infamous W32.Blaster managed to infiltrate my system. It required no user interaction whatsoever and I couldn't even keep the damn computer on for more than 60 seconds to download the necessary patches or removal tool. I had to download them from a second, patched machine. So it's not the norm, but it has actually happened at least once. And I still kept on using Windows for quite some time after that, before switching to Linux, mostly because I had never heard of any alternatives to Microsoft's jewel.
Your group is "staff". You are running as a user with administration privileges, which is close to, but not the same as, root. You may want to make your everyday account a normal user, and keep a separate administration account for times when you need it.
Remember those botnets that were attempting to distributively brute force ssh, targeting only machines that used OSX? I had machines running Linux and Windows with Cygwin's sshd, and they weren't touched. I heard the botnet members were infected with a Trojan from an Adobe CS crack.
To be fair, soccer moms aren't putting up web servers.
to be fair, soccer moms are putting up web cams all the time.
I'll admit I had a box pwned.
Setup a VPS with a bunch of software and forgot about it for a few months so it never got updated. Logged on and one of the daemon users had a bunch of stuff running on it(Chinese spam going to Chinese boxes, so no real damage occurred) It wasn't rooted or anything but i wiped the machine anyways.
O.o
Why would you have to defend your choice of OS? It's not like a rabid slashdotter can confiscate your machine or swap it for a Windows/Linux/Solaris/"Os/2" box unless you make your case. Can't you just read a critique of your OS of choice, analyze it and, if you find it to be valid, then wonder if it makes any difference for you? It's really simple, usually takes less than a second and does not require feeding trolls. If it takes more time than that or demands a certain amount of research, then you're learning something, which is a plus. Works for me.
woot
(Emphasis mine.) No, that's a reason, in a long list of reasons. Seriously, you just have not thought about security, if you think that Windows is only attacked because it's common. Windows is fucked up in a way that most other platforms aren't. Wake me up when you have to turn on an .exe file's executable bit before you can run it, like you can on every Unix and Unix-like OS. Wake me up when Windows doesn't come out-of-the-box with something even half-as-silly as ActiveX enabled. And I don't know if this is still the case (I think it might not be) but Windows used to have something on by default, where merely inserting media (e.g. a CD) would cause the OS to immediately load and execute code.
Then, on top of all that, most machine that have Windows, come with borderline malware preinstalled by the hardware vendor. Hey, I'm not saying this is Microsoft's fault; it's not. But it is the reality of the situation and the installed base of machines out there. And it is part of the culture; if someone is willing to settle for Windows, they really are willing to settle for their "ware" being more "mal." That's how they vote with their wallets.
Seriously, Windows is just plain bad. It's below average when it comes to security. MacOS, like Linux, is pretty average. And then there are the good OSes (which nobody likes to use). With equal marketshares, Windows is still going to have more malware than anything else.
Even better is building it right in the first place. There's really no excuse for bad RAM (expeically at the prices Apple charges). Diagnosing bad ram can be extremely time consuming and the symptoms aren't easy to spot (unless it's really DOA). You've drunk the Apple-aide on the iPhone. Rather than complaining a crappy, poorly manufactured product, you're proud that you bought a defective item and then when you identified the customer they fixed it. How much time did you spend going to the ARS, waiting in line, talking to someone to get a defective product fixed.
If you had bought a Dell and it came with defective RAM or flash, you would complain about the crappy quality of PCs. With Apple, a bad product is a way of delighting the customer.
I have to say that in purchasing close to 100 Dells for my company I've never gotten a DOA device or bad RAM.
"Microsoft doesn't support removal of the hordes of malware on it's platform either."
Bullshit. Microsoft Security Essentials.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
No, I don't think so. I did it again, typed "id -r -u" and "id -r -g" command, and both gave me 0. My real and effective uids and gids are all 0; I have full root permissions. And I didn't need to type the root password, just my login's password.
Granted, I did this as an admin user. That's also the default setup for OSX, and very few Mac users (and not many more linux users) would have any idea how to correctly set up an account that can't be escalated to root this way.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
And Apple also recommends several antimalware products on their website as well. As OS X never had a petri-dish era like the earlier days of XP, they don't recommend using the antimalware before calling as it wasn't deemed necessary. We may see some changes to that procedure before long.
As someone who fixes said boxes 6 days a week, allow me to shed some light on why that is. I have found a good 90% of viruses on machines can be traced back to one of four attack vectors. 1.- The "you want teh hot lesbos? you need to run our Iz_not_Viruz_iz_codec.exe to play teh vidz!" 2.- The "ZOMg you got teh viruz! To fix run our Iz_not_Viruz_iz_cleanerz.exe to get rid of it ZOMG!" 3.-The "Use the new Limewire (Iz_not_Viruz_iz_Limewirez) to download teh latest Titney_Spearz.mp3.exe tunez today!" and 4.-"Hey my BFF sent me a funny cat video! It says I should run Iz_not_Viruz_iz_LOLCatz to see teh kittiez!"
Notice how in NONE of those attacks did the underlying OS make a difference in any way, shape, or form, because it was the USER actively helping the malware? The last real security issue in Windows, the "hey lets have everyone run as admin!" died when Vista came out. That is why you're seeing more third party like flash exploits and a shitload of social engineering, because the malware writers know the best way to get around security is have the user help you and frankly it is beyond easy.
Trust me Linux guys, you ever get the numbers OSX now has? you'll be seeing Iz_not_Viruz_iz_screensaver.sh and the users WILL run it. Look up "KDE screensaver bug" to see it HAS happened in the past and it WILL happen again in the future. The reason why you're not a target now is the numbers simply aren't there and like most criminals malware writers are lazy and go for the lowest hanging fruit, and that is the Iz_not_Viruz_iz_(fill in the blank).exe by a HUGE margin.
ACs don't waste your time replying, your posts are never seen by me.
Microsoft provides free telephone support for security issues to all customers, regardless of whether the software was purchased at retail or as part of a new PC.
The top post of the article linked to also has a poster making this same comment, and the article details Microsoft's policy on assistance for malware removal.
Also, as has been stated, Apple is not just the OS but the system manufacturer. I don't know to what extent HP, Dell, or other system manufacturers support malware removal, but for the premium price I would have thought they would have better support. Oh well, I guess Apple will just stick to blocking you loading 3rd party apps and porn on your smartphone...
What I mean, and I think you know, is the constant stream that Apple users are "sheep" or "worship at the altar of jobs" or that "OS X is a toy OS" or "Apple users have been duped into using Apple products because there are absolutely no redeeming features or other thought processes, it's all marketing". You know, the usual stuff, all very common on slashdot.
Surprisingly there's very little critique of users who use other OSes, certainly not to this extent.
It reaches a point that you need to fill your post with disclaimers and very specific language, lest someone harp on you for some perceived misstep - for example, any time Apple's contributions to Webkit are mentioned you have to point out that yes, I know it's GPL and Apple *have* to release changes, and that *yes* I know it was an open source project beforehand that was adopted by them and that not everything was magically created by them. You get the idea. This is what I mean in defending my choice of OS - you simply cannot say "I use OS X and am happy with it, because it fit my needs better than the alternatives" without someone coming in and *telling* you (often with quite colourful language) that you're wrong.
So, Apple allows you to install any software you want, by giving it the root password... So a user action. Yet, Apple rolls out the App Store on OS X to avoid this issue, and /. lambastes them because they are making the OS less "free" - so which do you want - the ability to totally fuck your computer up - or a guardian angel?
Add to that: last I checked, the firewall GUI only exists in OSX Server, not the desktop version of OSX. Sure, there's ipfw, but what home user want to use ipfw on the command line?
You'd be surprised. I think you may be perceiving more anti-Apple rants because you're a OSX/iOS user. Granted Linux is somewhat less vilified here on /., but Windows suffers the same kind of prejudice. Actually Apple is for the technologically illiterate gay yuppie with more money than sense. Windows is for the 14-year-old irresponsible brat who only cares about gaaaaamez or using facebook to publish his or her egoshots, his or her grandparents and for subordinates of the many shady executives that Microsoft has bribed. Linux is for the 30-year-old unemployed virgin who live in their mom's basement, uses an obsolete machine and rants on Slashdot and/or 4chan between prolongued sessions of angry masturbation. So we all have to deal with trolling. What I'm saying is that not only it's easier to just ignore the obviously stupid comments, but it also makes for a less cluttered /.. And if a critique is obviously stupid, a) no reasonably intelligent person will take it seriously and b) no matter what you say, you will not change your interlocutor's opinion about Apple, Google, Mozilla, FSF or whatever subject is heatedly being discussed, so you may as well just let it be. It's also less stressful.
TL;DR version: don't feed the trolls.
The last real security issue in Windows, the "hey lets have everyone run as admin!" died when Vista came out.
Not entirely true. For most single user systems, the first account that windows has you set up is an admin account. There is not sufficient guidance during setup telling people to create and use a non admin account for every day use.
Something stupid like browsing a reputable website with an up-to-date browser and even an up-to-date AV? That's how the last three infections I've seen started.
"When information is power, privacy is freedom" - Jah-Wren Ryel
If you took it to an Apple store they would help. AppleCare "technicians", generally speaking, are Tier I support. Mac Genii are considered tiers II and III. There's a whole lot of stuff AppleCare techs aren't given permission to do, that a Mac Genius will. Not to mention, I'm sure any reputable Apple authorized service provider would be more than willing to help and put it on Apple's dime. I've personally never drank anyone's Kool-Aid, I prefer Macs for home (for simplicity and ease of use), and was a Mac Genius for about 3 1/2 years. I now support about 1000 Windows 7 machines, and a couple dozen windows 2008 servers. They're all infernal machines to me :). The truth is there have been virii for Macs for a long time. One of the big reasons people don't get infected is, you have to authenticate for there very installation. If you're typing your password in to install a package, and don't know what it is, that's the problem, not the operating system.
Are people so idiotic to think malware could be removed with any assurance, or that Apple would want to warranty its removal?
Once malware is installed, the machine, the drive needs to be wiped from a clean machine and restored from a backup prior to the installation of malware. I bet that that's all Apple would sign up to do too.
Do you know how to disable it? (Without looking it up; be honest now. ;-) I've found that hardly any linux or OSX users can answer this when I ask them.
visudo or Gnome's user control panel. But how many things do you know how to do off the top of your head? Are we going back to the days of the ancient Greek philosophers where having to looking up a piece of information was considered a mental weakness?
"When information is power, privacy is freedom" - Jah-Wren Ryel
Microsoft doesn't support removal of the hordes of malware on it's platform either.
But Microsoft wont deny malware's existence. In fact they publish several free tools to help you remove it. The fact that they aren't as good as free alternatives not withstanding.
Calling someone a "hater" only means you can not rationally rebut their argument.
Apple is for the technologically illiterate gay yuppie with more money than sense. Windows is for the 14-year-old irresponsible brat who only cares about gaaaaamez or using facebook to publish his or her egoshots, his or her grandparents and for subordinates of the many shady executives that Microsoft has bribed. Linux is for the 30-year-old unemployed virgin who live in their mom's basement, uses an obsolete machine and rants on Slashdot and/or 4chan between prolongued sessions of angry masturbation.
I'm a 37-year-old employed heterosexual virgin who only cares about gaaaaamez and ranting on Slashdot. I use all three OSes, and more besides! You can't pin us all down with your fancy categorizations. P.S. I know you weren't trolling P.P.S. I never lived in the basement.
A Mac is a bog standard Intel PC with a different OS. So I really don't see your point.
Have you heard of Jesux?
I'm a 37-year-old employed heterosexual virgin with more money than sense who only cares about gaaaaamez and ranting on Slashdot. I use all three OSes, and more besides! You can't pin us all down with your fancy categorizations. P.S. I know you weren't trolling P.P.S. I never lived in the basement.
Fixed that for you, otherwise I'd have to confiscate your Apple gear.
Does anyone not notice that this is from Ed Bott's Microsoft blog, just like yesterday's Mac "malware explosion" article was also from Ed Bott's Microsoft blog?
so they are the same level as geek squad?
as most geek squad reps just hook up systems to a remote link to get them fixed.
You make some good points, but:
Unless you have the source code and have compiled it yourself, you don't know what that program did with your password.
this one isn't correct. The app doesn't get your password, the system gets your password and give the app permissions.
Unless it throws up a dialog that just happens to look like the system's dialog, of course.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
By definition, this malware is 3rd party software. Users have to enter their admin password to install it. Just like any other third party software, I am not sure why people think that Apple should provide any support for it. For example, if I install some 3rd party shareware program that turns my pointer into a naked girl with bouncy boobs and it causes conflicts with other software or eats up system resources or sends out emails on my behalf, then I have zero expectation for Apple to supply support for the situation I got myself into.
Just because Apple sells both the hardware and OS doesn't mean they have to provide support for or have their staff trained to deal with every piece of software that could possibly run on that machine. The same is true of any computer with any OS. If you are typing in your password to install something, know what you are installing first. Duh.
They replaced the keyboard in my laptop after I got coffee on a key and it wouldn't work. On the other hand, when the back-light in that computer's monitor died, the only thing they could offer was to replace the entire top half of the laptop. A little goggling found me an independent operator who replaced the back-light for a tenth of the price.
Once malware has run on your box, it's a wipe and reinstall issue. And if it is a business machine then there are potential legal issues with disclosures and so on. In that environment there is no safe guidance a technician can give.
Help stamp out iliturcy.
It does not say anything about not admitting that there is a problem
You should not confirm or deny whether the customer’s Mac is infected or not.
Ummm..
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
Also..
By the way - it's not an internal document, but an anonymous employee being cited.
http://i.zdnet.com/blogs/apple-macdefender-investigation-may-16-2011.png
(click the image in the article, if this doesn't work for you).
Umm..
Sorry buddy, you were wrong on both counts. Seems like you need to read the article again, zealot.
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
Last time I called, the first level guy was having me do stuff with the CLI to deal with a legit, confusing, problem--and he figured it out. Every other place I call, only the third level guy can even comprehend that the basic fixes did not work and that is why I'm calling.
Duh? And it isn't Apple's responsibility to support those, either.
> last I checked, the firewall GUI only exists in OSX Server
The firewall switch is in "System Preferences -> Security -> Firewall".
There's a button that reads "Start" and it is accompanied by a label that reads "Click Start to turn the firewall on".
I agree that this may be hard to find for some, especially if they can't read AND hear.
If you have a contract with Microsoft Support they are obligated to help. Individuals do not have these contracts.
Now AppleCare covers this so yes they need to provide support or turn into another IE. My parents would still use IE if it were not in the daily news for constant infections and security hazards. They chose to switch without my help.
If I were a malware writer I would take notice and then port there malware, simply because geeks on slashdot and other techno wizards said Macs never get infected. How many times have you heard that you never need anti virus products for the mac. Apple has 15% of the market now! Sure it is not 85% but the vast majority of that 85% have malware and anti virus protection. Macs have nill! Wow, I do not have to even worry if my methods will be detected because their users simply do not run any protection at all. Just release and WAM! Much easier and I could probably have a much higher rate of infection than trying to dodge security software installed with Windows.
Apple is going to be scorned like IE is now if they do address this fast
http://saveie6.com/
Technically, that account has the ability to elevate (like sudo) to admin, but during normal use it is a standard user.
If you don't know where you are going, you will wind up somewhere else.
The Zdnet article compares an internal apple memo relating to a brand new piece of malware that they're still figuring out how to deal with to Microsoft's stated policy which can be found on their website. It's not exactly a fair or meaningfull comparison, since what Apple will end up doing in the end is not yet known. The Apple memo is just a stop gap measure.
There is a reason for this that most people eager to hate will conveniently overlook, Applecare does not cover malware. Apple is not bound by any agreement to diagnose or remove malware or repair problems caused by an an infected program or file. Also, if a Apple employee were to remove a file from an end user's computer and the computer stopped functioning in any way, Apple would be liable. They don't do it. Don't confuse their unwillingness to do stupid shit that leaves them at risk of a lawsuit as them "skirting" an issue.
Microsoft doesn't support removal of the hordes of malware on it's platform either.
Not true. Microsoft-certified stores in fact do offer cleaning of virus and malware, and offer general help and tips against such infections. Not to mention that MSE is at the moment one of the best antivirus tools available for Windows, if not even the best.
Actually, they have an entire software devoted to it. That's more than Apple can say.
In the beginning, there was null.
Also, if MS try to really be effective they may get a antitrust lawsuit from Symantec and the rest.
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Granted, I did this as an admin user...
That right there is why I stopped listening to you. If you follow what the grandparent poster said about giving yourself and regular users LIMITED ACCOUNTS and leave the administration separate you won't run into so many of these problems. (as if they're very prevalent anyways).
...instructing users to perform rituals which include special attire, dance-like moves and chanting in strange forgotten languages?
You know... the usual for such an "institution".
Mit der Dummheit kämpfen Götter selbst vergebens
But is one of Microsoft's big selling points, "We don't have viruses, bro! You're safe with us!" ?
I think not :P
No, not necessarily. I've run a lot of Windows boxes, and the ones that other people do not touch do not get infected. I've had to remove exactly one malware infestation on a machine that only I use, but plenty of them for friends, family, and work. This is distinct from servers, which are public, stationary targets.
And no, I'm not a Windows apologist. I dislike almost everything Microsoft stands for, but I dislike ignorant haters who decide to spout nonsense simply for the sake of seeing their words on a screen just as much.
It was swamp gas from a weather balloon that got trapped in a thermal pocket and reflected the light from Venus. Your Macintosh is fine. Trust Our Father Saint Jobs.
That simply is not true. Microsoft regularly releases updates to MSRT (malicious software removal tool) which is built into windows, and uninstalls software like Mac Defender.
Actually yes they do, they provide both free tools and a free support line for dealing with malware. Not only that but you would have seen it if you had even bothered to look at the article as the information for it was part of the article.
Yup. And Linux's dominant market share in the server space means that it's an even juicier target. Which is why you hear about so many pwnt Linux boxes on the web.
http://www.zone-h.org/news/id/4737
Last year the Zone-H archived a sad record number, we archived 1.419.203 websites defacements. Why and how this is happening? [...] Since many years ago, Linux became the most used OS for webservers and of course the preferred target for the defacers. Last year we archived 1.126.987 attacks against websites running on the Linux systems. The most used exploit by the defacers is the CVE-2010–3301, that was fixed in 2007 and was mysteriously reintroduced in 2008, in a large pile of kernel versions x86_64.
You are obviously right - 80% of website defacements last year all dues to rooted Linux servers - and you don't hear about it, so it must not have happened.
Fandroids hate facts.
You'd be surprised. I think you may be perceiving more anti-Apple rants because you're a OSX/iOS user.
Ehh? This article is an even dumber follow-up to an already stupid troll article from yesterday - and still it was accepted here. Hard not to notice that.
Fandroids hate facts.
The XP firewall is a joke.
Notice how you can start an FTP client, connect to a server and continue having the connection open and transfer files while the firewall dialogue box waits for you to press allow or block?
I'm not sure what country you're in but here in the UK and much of Europe due to strong consumer protection laws none of those things would be classed as a company going out of it's way, but in fact sensible solutions to fulfil their obligations under those laws.
In the first case, they will have sent you an ethernet card simply because they have an obligation to repair, replace, or refund for the system, and sending you the card is undoubtedly the cheapest option for them if you're happy with it. They haven't gone out their way here- it'd be more expensive for them to spend engineer time fixing it, more expensive to replace the whole system, and more expensive to refund you for the system. They did what was best for them.
Similarly replacing an iBook 3 days out of warranty is something they'd realistically have to do in the UK/Europe too, under the consumer protection act in the UK for example for the first 6 months from purchase a firm has to provide a refund, a repair, or a replacement for a faulty product and if they do not wish to honour this must prove the fault was caused by misuse by the user. After the 6 months the obligation switches to the user to prove the fault occured through normal usage and this applies for the reasonable lifetime of the product, which, for products such as expensive laptops has been deemed to be as much as 5 years. Most companies wont contest this and force the user to prove otherwise because something as simple as a written letter by a qualified electrician at a repair shop confirming no user damage would be enough to make them lose their case at more expense to them.
It's a sad example of the state of customer service when you see the things you state as examples of good customer service, when frankly they're the bare minimum a company should do. Good customer service is going above and beyond to show the customer you're actually sorry something went wrong, like not just replacing a laptop that failed as early as 3 days post-warranty, but then giving you some money, store vouchers, or free additional item or similar to make up for the fact the product failed so early when frankly it should not have.
It's also sad that you dismiss issues of the likes of Magsafe power adapters or whatever catching fire as users yanking them out the wall when it's well documented that this is not the case, and similarly dismiss scratches on products that shouldn't scratch so easily as a user issue.
Whether it's Apple or any other company, it's people like you accepting such a low bar of customer service that allows companies to get away with things like this, get away with initially telling users they're holding it wrong and issuing of a free case eventually, and get away with such a low bar of customer service in general. When people like you put up with such crap responses companies are bound to be happy to get away with it- realistically when the iPhone 4 attenna issue came around Apple should've replaced each and every affected handset for free and should've reached out to users to do so, because it was a brand new product with a clear defect but with fanboys refusing to accept fault with their new shiny again, the bar of customer service was once again lowered.
If the Apache server was meant to be public facing, how would a firewall have helped?
It would have had rules to allow access to the Apache server, so it would still have been exploited... Infact, if they'd been using a firewall then an attack like that would have got you a foothold behind it, where there would probably be far more easily exploitable holes hidden behind the firewall.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
A properly configured linux server simply won't have a browser installed for stupid users to do that with...
Windows does by default which is difficult to remove, and sooner or later it ends up being used, either by accident in an rdesktop session or to perform some troubleshooting. It's quite a common vector for exploitation really.
You quite often get cases where people use the default browser on a windows "server" in a corporate dmz to bypass the web filtering policy of that company...
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
More to the point - the Apple malware right now is still social-engineering based. It requires you to actively give it your admin password so it can install.
Linux on the server isn't particularly vulnerable to this because nobody in their right mind is surfing the web from their webserver.
The post you're replying to is using 8 year old experiences as a reference.
Back then, many ISPs didn't give you a router, they gave you a USB modem. Your PC connected, got a public IP address your ISPs own support desk told you not to use a firewall of any description because they wouldn't support it. Windows XP didn't get its own built-in firewall until service pack 2, released in 2004 - by then it was sorely needed. There were so many portscanners and Microsoft took such a laissez-faire approach to security that the average time between plugging a Windows PC into the public Internet without a firewall and finding it utterly pwned was about 15-20 minutes - and you didn't even need to bring up a web browser.
MS includes a monthly malware detection scan in Windows Update. The also supply the free Security Essentials and support for using it.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
If you ever got support for some PC, you would know that after 3 minutes of tinkering they would default to the Factory reset, procedure. Something that might solve the problem (and remove alll custormer data... but hey... you got a backup not?).
Most helpdesks do not support 3th party software anyway, even if that software was installed via a exploit. You could call malware 3th party software. And then, there is software that is not clearly malware (like browser bars), that are installed with a question, but only make clear what they do if you manage the 10 page TOS.
There is nothing to say the servers defaced were rooted, just that they were defaced... It's quite possible to deface a website with only access to the user account that owns or runs that site.
It also goes on to say that most of those defacements were due to bugs in web applications like remote file includes, now if you write buggy code and put it on a public facing webserver it will be vulnerable regardless what type of webserver you deploy it on.
Also, what type of sites are being defaced? Are they important corporate sites with a significant budget behind them for security hardening, or are they small single person blogs etc?
Similarly, with poorly configured shared hosting exploiting one user's site may get you an increased level of access to another site, for instance in many shared hosting environments the web server process runs as the same userid for all sites, meaning if you exploit one you will have the ability to read files and possibly write to some areas.
Then of course, if you do root the system you instantly gain the capability to deface all the sites hosted on it.
It seems mass defacements are not uncommon, and will naturally skew the stats towards linux as its far more common to host a larger number of sites on a single linux box. Such hosting is also generally the cheapest kind available, and therefore more likely to be used by less savvy users and operated by less competent sysadmins.
Also if you look at the stats, it's only in 2010 that linux defacements have become proportional to market share... In previous years, windows has accounted for a far higher proportion of defacements than its overall webserver marketshare would dictate, especially in 2000-2002 where windows defacements actually outnumbered linux despite having a minority market share.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Presumably the first thing most users do is turn some of those remote services on...
For most single user systems, the first account that windows has you set up is an admin account. There is not sufficient guidance during setup telling people to create and use a non admin account for every day use.
Just like on Mac OS X and the more user friendly Linux distros like Ubuntu, yes.
I have encountered many windows users who have become infected with all sorts, often repeatedly despite paying significant amounts of money both to have infections removed and for ineffective "protection"...
Most of them don't realise that anything other than windows exists, and simply accept the risk and cost of malware as an inherent part of using a computer...
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
A firewall is a crutch to protect an otherwise insecure machine against the big bad network...
The fact that OSX systems ship with it off by default, and yet do not get remotely rooted is a testament to that.
It's far better to have no services running, than to have services running and then hiding behind a firewall... If you actually needed to offer services remotely then you'd have to open up a firewall rule to allow them, if you don't need to offer them then they have no business running at all.
If a service is inaccessible due to a firewall, then just what purpose does that service serve? The answer obviously is "none", so why then should it be running at all? It's wasting resources, and sitting there just waiting for a firewall failure to occur so the service can be exploited.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
So what your basically saying is:
1, no currently available OS is actually suitable for end users...
2, windows in 2007 implemented normal user accounts by default, something apple implemented in 2001 (or whenever the first version of osx came out) and other unixes implemented much much earlier.
Amusing also that you add ".exe" to the end of every malware filename you quote, since its only windows that determines if a file can be executed based on something so arbitrary as the file name. On linux at least, you would have an additional step of marking the file executable first.
Also, while windows is finally getting users used to normal user accounts, apple is moving towards an app store model... Such a model is, for the average user, an answer to the social engineering problem. Educate users that software only comes from the app store or trusted repositories, and prevent (or preferably just make it very difficult) them from executing arbitrary binaries. This would virtually eliminate the attacks you describe, and it seems as usual that apple and linux are years ahead of microsoft.
Compare the level of malware for ipad and iphones, the only malware i'm aware of was only applicable to jailbroken devices, and relied upon the user not changing the default password... I'm not aware of any social engineering attacks which result in execution of arbitrary code.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
The windows (NT) kernel is not really the problem anyway, the problems lie further up the stack because of all the extra complexity, much of which has been inherited from the win9x series.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Yes, this capability can be disabled. But this privilege escalation is enabled by default. Do you know how to disable it? (Without looking it up; be honest now. ;-) I've found that hardly any linux or OSX users can answer this when I ask them.
Sure, just run things as a user who isn't in the sudoers file (by default on most distros sudoers has a group added, with anyone in that group allowed to sudo rather than adding individual users to sudoers)...
Note that you still need a valid password in order to elevate privileges, and just exploiting a userland application such as a browser will not give you that password.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Suspension of disbelief?
Remember to maintain your supply of
Agreed. I've noticed it too. In the end you have to shrug it off when they resort to the name calling nonsense you mentioned, but it's also become sort of the new cool. I've noticed a lot of posters that seem to be trying to sound cool by hating anything Apple (and trotting out fanboi and sheep labels) and ironically the method they use is accusing Apple users of just trying to look cool.
Yeah. I wouldn't use it on a production box, though. Damn OS keeps crashing and taking 3 days to reboot...
So the consensus seems to be that Apple has convinced its users that they can't get viruses and don't need anti-virus, which is bad.
In fact, these users are apparently so convinced that they don't need anti-virus and can't get a virus, that the minute a web page tells them they do have a virus (which they believe they can't get), they download the fake anti-virus package (possibly paying for it first even though they believe they don't need it), double-click on the installer, click on "OK" to get past the "this may be malware" warning, click through the installer prompts and finally type in the administrator account user name and password to allow installation to proceed. You know, proceed to install that anti-virus package that Apple, being evil, convinced them they didn't need to install.
Seriously, is this some kind of new low? Asserting that people are convinced they don't need anti-virus and that's why they're installing anti-virus? :-)
Apple are indeed *so* desperate to deny that anti-virus is needed that they allow Intego AntiVirus to be sold through the Mac App Store of all places. That app's description even has headlines warning about this particular trojan, so it's up to date.
http://itunes.apple.com/gb/app/virusbarrier-plus/id430337549
Two obvious suggestions:
http://www.zdnet.com/blog/security/apple-adds-malware-blocker-in-snow-leopard/4104
An on/off switch is not a GUI for ipfw.
Technically, that account is a member of the administrators group and is prevented from doing some things due to UAC. It's closer to a user edited to be UID 0, and prevented from doing stuff due to selinux. There are things an administrator user can do without authenticating via UAC that ordinary users can't do.
On the GigE card front, I am aware they needed to fix the issue - my post was a reply to the OP who was challenging someone to provide any positive Apple CS response - I simply listed the ones I could think of. They sent me the GigE card, but then they also replaced the logic board at a time that was convenient to me - the Gig card was simply to keep me up and running until we were past a heavy edit deadline. They could have been inflexible and said "sure we can fix it under warranty, but you have to send it in or take it to an authorised repair shop". They chose an option that worked well for me, that they didn't have to take. Given that they should be providing good CS, it's nice to see that they do.
I wasn't talking about the magsafe end of the connector, I was referencing a situation with someone I know who complained that he had to "berate" Apple to get them to replace the wall-socket end of his power supply because his normal method of removal was to pull it out of the wall via the cord and it eventually frayed and stopped working.
As far as magsafe goes (and the previous generation of the connector with the pin and ring), there was clearly a design flaw in a part that sees such frequent connection and disconnection and cable movement - the cord was too flimsy at the point where the cable boot meets the cable itself, so it could kink and gradually cause it to get damaged and short out. Apple has covered this with an out-of-warranty free replacement, which is clearly the least they need to do.
Where do you get the impression that I "demand a low bar" from customer service? Talking about my positive experiences at the times I've needed it is far from the conclusive proof necessary to draw that conclusion. You try to downplay Apple's actions in each of my stories, pushing the bar higher, or stating that what they did was standard procedure and thus not exceptional, but I have to wonder - what else are they meant to do? The laptop warranty replacement outside of the time was painless. Didn;t need to argue with them, didn;t need to try to convince them, didn't need multiple calls; they simply arranged to replace it and it was seamless and painless, leaving my brother very happy. Other than throwing themselves on their sword, what else do you think they should do? Making the process smooth and genial, as all customer service should be, as well as giving a satisfactory outcome is the whole goal I thought?
And now you jump into the antenna issue again. The "design flaw" that causes the phone to lose signal if you detune the antenna and are standing in a signal area that the previous iPhone would never have been able to get reception in the first place.
Ok, so the external antenna is more susceptible to detuning than other phones (but it's not unique to the iPhone 4, or even the iPhone in general, just more extreme due to external antenna), and you claim they should have taken every single iPhone back and replaced it.... with what? The iPhone 4 design hasn;t changed at all, so what should they send out in return? Another "broken" iPhone 4? What about the millions of people who aren't having any reception issues? They investigated and determined that the bumpers cured the problem (well, they reduced the detuning - you can't eliminate it) and offered free bumpers to all iPhone 4 users to fix the issue for those who were having issues. From the number of complaints about it, the bumpers were clearly adequate to solve the problem. For the millions of others who didn;t see an issue, they got a free case out of it. The antenna is better than the iPhone 3G's one, and picks up signal in much lower reception areas, but it does have a weakness when the signal is that low. I suspect the iPhone 5 will address that.
I hardly think they're "lowering the bar" of customer service by giving out free cases that cure the problem, as opposed to totally redesigning, manufacturing and shipping out new phones - how long do you think that would take, especially for these customers who are apparently seriously struggling with the phone and need it fixed zomg right nao! Especially when it can be fixed in 5 minutes with a case.
I think you're just looking for excuses to trash them.
What won't change will be arrogant, clueless Mac users lecturing users of other platforms on how superior Mac users are to the rest of the human race, and I say that as a Mac user myself.
For United States and Canada
The computer safety team is available for computer virus and for other security-related support 24 hours a day in the United States and in Canada.
To obtain computer virus and security-related support, follow these steps:
1.Before you contact a support engineer, make sure that you run updated antivirus software and updated spyware removal software on the infected computer.For more information about how to obtain a free computer safety scan, visit the following Microsoft Web site: http://www.microsoft.com/security/scanner/(http://www.microsoft.com/security/scanner/) For more information about antispyware software, visit the following Microsoft Web site:http://www.microsoft.com/protect/computer/spyware/as.mspx(http://www.microsoft.com/protect/computer/spyware/as.mspx)
2.Call 1-866-PCSAFETY or call 1-866-727-2338 to contact security support.
There is nothing to say the servers defaced were rooted, just that they were defaced...
Yes, it says exactly that - learn to read. "The most used exploit by the defacers is the CVE-2010–3301" - a Local Privilege Escalation Vulnerability in the Linux Kernel. Are you telling me they only bothered to escalate to web-admin and not to root?
Damn Linux apologists who think Linux is soooo safe from malware unlike other OSes, and feel they need to tell everybody about it and then can't accept it when shown wrong. Gee, I wonder if the next article by Mr. MS sponsored journalist for ZDNet will be about them - wouldn't that be fun?
Fandroids hate facts.
But while it's up, it sure keeps the daemons running!
"Where do you get the impression that I "demand a low bar" from customer service?"
As I say, simply the fact that a company fixed a fault with your product. I'm not saying you're particularly out of the ordinary in being happy with this service- I'm saying this lowers the bar because they've simply done the bare minimum required of them when not only should they be resolving an issue, but should be compensating you for having to suffer the inconvenience of facing an issue you shouldn't have had to in the first place.
"Ok, so the external antenna is more susceptible to detuning than other phones (but it's not unique to the iPhone 4, or even the iPhone in general, just more extreme due to external antenna), and you claim they should have taken every single iPhone back and replaced it.... with what?"
Oh come off it, let's not stupid to the level of denial. It's been demonstrated time and time again that the iPhone 4 had a design fault, Apple muddied the waters with their official announcement, but there's no dispute here so stop trying to pretend that's the case, it's established fact that the iPhone 4 had a design fault. Note how car manufacturers deal with a similar thing- Toyota stuck car mats were replaced when Toyota could've simply said that happens with all cars (It certainly used to happen with my old Vauxhall corsa). Apple muddied the waters here and you may be right, new iPhone 4s still have the issue, but the solution should've been a redesign to eliminate the fault and issuing of fixed products to consumers.
"I think you're just looking for excuses to trash them."
Please, let's not stoop to fanboyism, it's just pathetic. My view is that consumers should be treated better than they are, and that by expecting the bare minimum you're letting corporations get away with things they shouldn't. Look, I know you're a big fan of Apple, but if you bought a product from someone like I don't know, say, HP, would you really be content if it had a flaw? Would you be content with a case for it that covered up the flaw? These devices are expensive and when you pay what you do for them you should be able to expect a product that has no flaws, and Apple makes enough profit that they should've had the courage to accept that they fucked up, and pay for replacement handsets for everyone.
As much as I'm not keen on praising Microsoft, and know it's almost like asking for a death sentence here, I think the latest news story posted here on Slashdot about some XBox 360s having a flaw from an update that prevents those consoles affected from playing new titles coming out from now on demonstrates my point- Microsoft are not only offering to replace the console, which is the bare minimum they should really do, but are giving a years free live subscription as compensation for the inconvenience- it's that extra step that is the difference between fulfilling your obligations as a firm and saying "Here, we fixed the problem", and saying "Sorry, we fucked up, let us make it up to you with compensation for inconveniencing you with our mistake".
Consumers deserve better, especially with the cost of many IT gadgets, if companies aren't pressured into compensating for mistakes and mistakes aren't costly for them, they'll make them more and more and care less about making sure products are perfect right out the door. Whether you're a fan of Apple, Google, Microsoft, Sony, Nintendo, or whoever, this should still be the case.
This is because Apple is the current FOSS type boogeyman. 10 years ago it was M$ or Windoze or Winblows or whatever else, and people using Apple software were barely noticed unless someone wanted to start a BSD versus Linux flamewar.
You should feel no need to defend your OS choice, I don't. I use what works best for me, with my eyes wide open and having tred the available alternatives. I dont know any of the people here from a can of paint, and they don't know me, so pretending that they would somehow know better than me what operating system I need is a dumb premise on which to base a debate. No one knows what I want better than I do. I likewise extend similar courtesy to others in that I don't recount pairwise feature comparisons or evoke dark, usually sex themed, dreamworld scenarios where the principal personality associated with a given operating system dominates those who use it.
Except for people who use vi instead of emacs, they are idiots.
"Sacrifice for the good of The State" - The State
As I say, simply the fact that a company fixed a fault with your product. I'm not saying you're particularly out of the ordinary in being happy with this service- I'm saying this lowers the bar because they've simply done the bare minimum required of them when not only should they be resolving an issue, but should be compensating you for having to suffer the inconvenience of facing an issue you shouldn't have had to in the first place.
There's another name for that: being an entitled ass. Setting out with the mindset that the world owes you something for... being you, leads to that sort of attitude.
Why should Apple "compensate you for your inconvenience"? They fixed the product, as they should do but the world isn;t always perfect and smooth. Sometimes things break, sometimes things don;t go 100% to plan. This doesn't mean the world owes you if unexpected things happen.
Apple (and microsoft, in the case of broken 360s, replaced with newer ones) have done exactly what they are meant to when faced with a CS issue. To have it resolved effectively and then saying "right, now what else are you going to do to make me happy?" is going beyond CS and into the realm of "the customer is always right, even when they're wrong".
It reminds me of Tuesday maintenance on the WoW servers, with frothing demands for compensation and free game time if the servers don;t come back up at precisely the time in the original estimate, or even that they go down *at all* for maintenance.
****
Re: iPhone 4 antenna - note that I am not arguing the lack of a design issue. Clearly an external metal antenna that is easy to detune is a flaw in the antenna design. My point is that it affected a very small number of people in very specific circumstances (and in areas where the older iPhone that the 4 replaced couldn't even receive a signal in perfect conditions). Apple addressed the media hype engine that is wasn't a phenomenon unique to the iPhone, and then fixed it by offering free bumpers which eliminate the problem. The other solution offered was to return the phone for a full refund and no penalty for early contract termination, due to phone fault. For the vast majority of people though, there was no issue, and they got a free case out of it.
I buy lots of things from lots of vendors, but I don;t have an entitled attitude. I've had a number of repairs and warranty situations and in general they have been very positive - it's not unique to Apple. I expect that things be put right, but I'm also not going to chase them down for some sense that I "deserve" something because I was the victim of circumstance.
So, in "karma burning" territory, I have had positive CS from Sony, Microsoft, Apple, Maxtor, Citroen, Virgin, United Airlines and several others.
I had negative CS from Sky, AoL and Freeserve.
I consider the CS received from the first batch to be excellent, and I didn't feel like they should be "going out of their way to make me feel special". They fixed my issues and did it graciously and effortlessly on my part. The second set though... not so good.
I was with you all the way up to vi vs emacs. Now you are my sworn enemy! I will not sit at the same table as you.
Are we going back to the days of the ancient Greek philosophers where having to looking up a piece of information was considered a mental weakness?
To be fair, there was only around twelve pieces of information in the world back then.
They gave me a free GigE card (at their suggestion) when I had problems with the built in ethernet on the logic board on a Powermac G5 and didn't have the time to take it in for repair because it was an edit machine.
They replaced my brother's iBook, 3 days out of warranty, because it was close to the expiry date and it was unfortunate.
They shipped a fresh set of Universal Binary Final Cut Studio disks to me for postage cost when the Intel switch came about, so we wouldn't have to buy the newer version of the suite to be able to run it natively.
Oh I'm sure I have a few more.
They also do "Macs form [sic] dummies" for those who yank their power cord from the wall socket by the cable and wonder why it frays and catches fire, or who throw their laptop in a bag with no case and wonder why the surface gets all scratched and so on.
They also deal with regular people who have hardware and software problems.
Your last line there, "They also deal with regular people".
So, your not a regular person? Your what, part of a big company that does hundred of thousands of dollars in business with apple, so if you dropped your mouse, they are there picking it up for you?
Be seeing you...
And Microsoft's FUD about Linux is logical?
If Microsoft would quit spreading FUD about Linux, we would quit returning the favor. If Microsoft doesn't like Linux, they should just not use it. But instead they make stuff up about it.
There are some major differences however. I have never been found guilty of violating monopoly law (I am too sneaky when I do it) and I am not a patent troll (more of a patent ogre). I never installed a backdoor in my OS for the NSA (I did it for the former KGB once, but I was only a child at the time). I never paid a huge Microsoft supporter to drop all future support for Microsoft OSes (I did threaten to touch them with a piece of poop on a stick if they didn't, but poo threats a bribes at horses of a different color).
If you cannot tell, we Linux Lovers feel wronged by the convicted criminal organization know as Microsoft (let's not mince words, they broke the law and were found guilty of it). Microsoft fucked with us, continues to fuck with us and will fuck with us in the future. All because we offer for free what it sells as a premium. Well, that and they are fools holding onto the old ideal of pyramidal power structures. Distributed peers for the WIN!
So, your [sic] not a regular person? Your [sic] what, part of a big company that does hundred of thousands of dollars in business with apple, so if you dropped your mouse, they are there picking it up for you?
My closing sentence was a circular connection back to my initial paragraphs about myself; I realise on second reading I could have dropped one of the "alsos" from either that line or the penultimate paragraph to make it more clear, although in my first story the Applecare was for a business, and in the second one it was for a home user.
The point was to challenge the anonymous OP's assertion that Apple's customer support is merely "Macs for dummies".
Also, might I suggest this oatmeal comic: http://theoatmeal.com/comics/misspelling
It might help your future posts on message boards involving text.
I choose to believe they are real soccer moms, thank you very much.
Some see the cream-pie as half empty, I choose to see it as half-full.
You are welcome on my lawn.
http://www.reddit.com/r/technology/comments/hfydw/macdefender_just_had_a_mac_checked_in_for_it_will/
Any further questions, Applefags?
That guy has ZERO certifications *I know him personally* and he just owned your entire paid-for support team.
Enjoy buying useless services that Apple can *NEVER* live up to.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
It's inbound not outbound.
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
I imagine it was caused by compromised ad servers. I disable Flash and PDF BHOs on computers that aren't mine for the duration that I use it. It's a good reason block advertisements too.
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
No compromised servers needed. They just distribute ads with exploit code in them.
"When information is power, privacy is freedom" - Jah-Wren Ryel
That's so true. I really wouldn't be surprised. There are so many adservers around, I imagine many accept payouts...
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
For most single user systems, the first account that windows has you set up is an admin account. There is not sufficient guidance during setup telling people to create and use a non admin account for every day use.
Just like on Mac OS X and the more user friendly Linux distros like Ubuntu, yes.
~$ cat /etc/shadow /etc/shadow: Permission denied
cat:
Hmm, not just like... On Windows Vista, Windows 7, Windows Server 2008, ".\Administrator" is disabled, and the first user account created is given admin rights by making it part of "BUILTIN\Administrators" group. This gives it a lot more power than it should have, especially since there is no further admonition to create a non-admin account and use the admin account sparingly (I remember at least 8 years ago, Suse used to make root's KDE desktop background image a splash of red with a giant cartoon bomb and a warning about not using root for anything but system maintenance). It was so visible that I made it Windows' Administrator background for our desktops.
If you follow what the grandparent poster said about giving yourself and regular users LIMITED ACCOUNTS and leave the administration separate you won't run into so many of these problems.
Well, yeah; I've done that, when I was working inside corporate networks. But note that I was talking about the large number of personally-owned Mac and linux systems, whose "admins" are their individual owners. How do you propose we go about forcing them to use limited accounts on their own personal machines? With the exception of a very few owned by knowledgeable geeks, those machines will continue to default to a single login that has admin access, and that login's password will continue to allow the software to automatically escalate to root permissions.
(It's also my experience that companies that allow non-MS machines at work usually also allow this default setup. The IT drones that handle such things usually can't be bothered to learn how to handle unix-like security setups. They all have their MSCE certificates, and they know all they need to know about security. If a real problem comes up, they simply ban the non-MS systems. ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
How would zone-h know what exploits were used? All they see is the defaced site, it's unlikely most victims of defacement are going to go around telling defacement mirrors how they were hacked, and its unlikely most of the hackers will talk about what it is they used.
Also you can't use a local privilege escalation exploit until *AFTER* you have obtained user level access. How was this level of access obtained?
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
How would zone-h know what exploits were used? All they see is the defaced site, it's unlikely most victims of defacement are going to go around telling defacement mirrors how they were hacked, and its unlikely most of the hackers will talk about what it is they used.
Also you can't use a local privilege escalation exploit until *AFTER* you have obtained user level access. How was this level of access obtained?
Mostly the defacers tell them. But yeah, those people will lie about rooting a Linux box, they actually just defaced a Windows box. Thanks for proving my point about people like you.
Fandroids hate facts.
Also you can't use a local privilege escalation exploit until *AFTER* you have obtained user level access. How was this level of access obtained?
PS: you can tell by just looking at the time the server was defaced and the kernel version you can get from the info the server returns (as well as the sheer increase in numbers) : If it was after mid-September, and the kernel wasn't the one with the fix (or something really old), no hacker would have not used the sure way to root the machine.
And who fucking cares what they used to go into the machines: they did - and rooted them. Because all it takes is a vulnerability in some much-used gadget-add-on for Apache and one of the ever increasing number of local priv. escalation bugs. And if you look at previous stats, you'll be able to see how wrong the "Insightful" claims about the unpwnability of Linux boxes are. Well, you probably won't. Which was my fucking point about you hopeless cases - who feel the need to paint all Mac users in a similar brush. That's first rate irony.
Fandroids hate facts.
Actually, i am a regular user of both Mac and Linux (and other unixes, but less so these days)... Using a macbook pro to type this.
OSX is not immune to local privilege escalation vulnerabilities, take for example http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.c and there are
Similarly a webapp level bug would yield user level access just the same on OSX as Linux or any other platform (and probably give you instant root equivalent on windows, since apache runs as SYSTEM by default there).
I am in no doubt that hackers would try to root OSX machines if they found vulnerable webapps running on one.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
"There's another name for that: being an entitled ass. Setting out with the mindset that the world owes you something for... being you, leads to that sort of attitude."
What the fuck are you on about? When you pay for a product you're entitled to that product, or are you really such a batshit crazy irrational Apple fanboy that you'd be willing to pay Apple £500 for a phone in a box only to find the phone wasn't in the box because nevermind, it's not like you're owed anything are you?
No, in the real world, when you get out of fanboy land, a purchase is a contract between you and the seller, the seller sells you a product with the understanding that it should meet certain expectations, if the product does not meet those expectations then yes, the seller certainly does fucking owe you.
Apple should compensate your for your inconvenience because it's their fault you were inconvenienced in selling you a product that simply did not meet the level of expectation any rational customer would have (hence why so many people did return their iPhone 4s once the antenna design fault was clear).
You can't claim Apple and Microsoft have done exactly what they are meant to do- Apple hasn't, it's done the bear minimum, in contrast Microsoft has done exactly what I suggested- compensated the customer for a mistake not of the customer's making.
It's really a sad reflection how badly fanboys like yourself are willing to throw away long established principles of good customer service to a company to which you owe nothing because they are merely there to make money off of you. The level of irrationality fanboys like yourself stoop to the point you're willing to actually lose out for the sake of defending your pet company is insane.
It's always been the case that the customer should get what they pay for- and that's a fault free product, and if it's not fault free, the company should rectify that and compensate for the customer having to go out their way. Stop being a 'tard and letting companies get away with trying to change that, when they fuck up the onus is on them to fix it and make it up to you. Just to illustrate another example and how irrational your argument is, consider you only have £25 in your bank, and you buy something for £20 but get double charged putting you £15 in the red, all many bad companies will do is refund you the £20 overcharge, but if you incur £25 fees for going overdrawn by your bank would you really not claim the £25 fees off them for forcing you overdrawn? would you really just foot the bill of inconvenience for their mistake because you "don't have a sense of entitlement" right?
"Oh but that's different". No, it's not. People like you are rational consumers worst enemy.
You are intentionally (probably, but I haven't ruled out general cluelessness) misreading my intent. You seem to suggest that I think it's ok if the product isn't working right, but that's not what I'm saying at all. You buy a product and you are entitled to have that product in full working order. If it's not, then the company needs to make sure that it is, but beyond repairing it and restoring the product to the way it would be if you purchased it new and didn't have any problems they have no obligations to you at all. You're not entitled to have them bend over and kiss your ass purely because of accidental circumstances - it's not the company's fault that the product broke, since it is impossible to provide a 100% perfect run of products in a mass production environment, or even in a short-run hand-built setting. What the company is obligated to do is put it right, so you're at the same level as someone who got a working one off the bat.
Whether they then decide to do anything else for you is entirely up to them, and many often will compensate their nice customers (and do the bare minimum for those who berate their staff and F-and-blind their way up the CS tree like a douchebag - you catch more flies with honey, etc). However, don't think for one millisecond that you are *entitled* to them giving you anything extra than what is available to you when you purchased the product. The money is in exchange for the product, and everything advertised therein. It does not entitle you to anything else beyond that.
This is the case for *all* companies and products, not just Apple.
And I don't think you're reading what I'm saying:
"but beyond repairing it and restoring the product to the way it would be if you purchased it new and didn't have any problems they have no obligations to you at all."
This isn't entirely true, of for example you have to pay for postage to send a faulty product back that was faulty through no fault of your own and the company is deemed liable then by you can claim this back- the same goes for phone calls to premium rate lines and so forth they may require you to phone. But beyond that, most people value their time and whether there is an obligation or not the point is that it's good customer service that customers are compensated for lost time and inconvenience if a product failed through no fault of their own- that is, ignoring their obligations, it's still something they should do.
It absolutely is the company's fault the product broke, it is their responsibility to ensure they provide a product that is fit for purpose, and yes you're right, it's impossible to ensure this will always be the case but that's irrelevant, it's something they have to price into their product- dealing with knowing that there will at least be some faults.
This assertion:
"What the company is obligated to do is put it right, so you're at the same level as someone who got a working one off the bat."
Is completely wrong. Someone who got a working one off the bat didn't have to waste their time getting a repair/replacement, didn't have to waste their fuel driving to get a replacement, didn't have to waste money on a non-free support line phoning the firm up, and this is the fundamental point behind the concept of compensation as good customer service practice.
"However, don't think for one millisecond that you are *entitled* to them giving you anything extra than what is available to you when you purchased the product."
In many cases the courts would disagree, plenty of people who have really felt the need have compensated users for their time and money spent on getting a product fixed. The issue is that if people continue to accept that yeah, they're going to have to put up with having their time wasted with shitty products then it weakens this age old precedent and this is the problem we're facing nowadays, people like yourself willing to spend your own time and money getting something fixed.
"The money is in exchange for the product"
Herein lies the fundamental point, the money is in exchange for the product which, by law (in most countries at least) must be fit for purpose, if it has a design fault or fails within an unreasonable time period then it is not fit for purpose and while the customer has fulfilled his obligation in paying the money, the other party has not.
I guess it somewhat comes down to whether you value your time or not, personally I do because I have a lot of things to do, but if you've got more time than you know what to do with and don't value your time at all, then perhaps it's understandable you don't mind screwing around wasting time and potentially money getting a product you were sold that was faulty fixed. Obviously at least in the latest case, Microsoft understands that people do value their time, hence the compensation for the inconvenience of needing a console replacement.